Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/3e9916-4f8a-4b08-89c9-b0c74b76e182/1/2aDHEjOb6GEyE3bNG85KqxbQ8jY.roa
File:                     2aDHEjOb6GEyE3bNG85KqxbQ8jY.roa (raw, json)
Hash identifier:          vn2gcgZTwBagseQZ1wHGWP5RP56bkWT4DAFRko5y+i0=
Subject key identifier:   D9:A0:C7:12:33:9B:E8:61:32:13:76:CD:1B:CE:4A:AB:16:D0:F2:36
Certificate issuer:       /CN=3474210c28413e26284822abe83ad6d7c0f764fa
Certificate serial:       018CC500E62344F24DF0FADB35D24071DEAF
Authority key identifier: 34:74:21:0C:28:41:3E:26:28:48:22:AB:E8:3A:D6:D7:C0:F7:64:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NHQhDChBPiYoSCKr6DrW18D3ZPo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/3e9916-4f8a-4b08-89c9-b0c74b76e182/1/2aDHEjOb6GEyE3bNG85KqxbQ8jY.roa
Signing time:             Mon 01 Jan 2024 12:30:19 +0000
ROA not before:           Mon 01 Jan 2024 12:30:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6939
IP address blocks:        185.68.47.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/3e9916-4f8a-4b08-89c9-b0c74b76e182/1/NHQhDChBPiYoSCKr6DrW18D3ZPo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/3e9916-4f8a-4b08-89c9-b0c74b76e182/1/NHQhDChBPiYoSCKr6DrW18D3ZPo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NHQhDChBPiYoSCKr6DrW18D3ZPo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 27 Apr 2024 08:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:e6:23:44:f2:4d:f0:fa:db:35:d2:40:71:de:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3474210c28413e26284822abe83ad6d7c0f764fa
        Validity
            Not Before: Jan  1 12:30:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d9a0c712339be861321376cd1bce4aab16d0f236
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:08:15:01:cb:77:e4:88:d7:87:da:c4:79:00:
                    c9:64:20:68:42:20:18:04:c1:95:9c:fe:ff:91:ab:
                    e7:d4:22:db:60:11:32:15:2c:71:47:ba:68:65:c6:
                    f4:0a:b6:e3:56:c0:c9:21:25:be:35:25:3e:4d:c4:
                    1c:c3:2b:a1:af:40:c1:6a:75:5a:04:56:b7:93:92:
                    14:8c:88:9d:cb:f5:f2:3e:46:e0:93:4b:ae:06:a7:
                    89:5f:b3:93:53:4d:d9:8e:3f:a3:c1:14:fe:b0:84:
                    f3:da:02:06:fa:55:5a:00:32:42:ae:fb:14:6d:dc:
                    96:9f:40:86:c7:29:d1:ed:24:fa:c5:75:99:72:44:
                    a4:6d:d0:d0:aa:db:b7:77:f6:53:e5:84:3e:1a:48:
                    cb:14:7c:9e:01:ee:8b:0f:d2:37:66:df:45:2b:c2:
                    44:ae:96:eb:70:76:e5:14:28:77:9f:3a:f7:c9:af:
                    b5:a3:b1:fb:0f:70:cb:a7:4b:25:cc:2a:d4:71:bd:
                    ff:0f:a1:f7:ea:f3:22:9f:10:3b:67:4f:f2:2b:20:
                    a5:63:78:f5:d5:f5:79:d3:cc:33:ac:3a:b6:b1:ce:
                    99:70:11:da:8f:57:49:0d:6e:17:37:df:04:17:18:
                    18:70:51:f4:70:65:98:36:26:ab:25:bd:72:6c:4f:
                    ec:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:A0:C7:12:33:9B:E8:61:32:13:76:CD:1B:CE:4A:AB:16:D0:F2:36
            X509v3 Authority Key Identifier:
                keyid:34:74:21:0C:28:41:3E:26:28:48:22:AB:E8:3A:D6:D7:C0:F7:64:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NHQhDChBPiYoSCKr6DrW18D3ZPo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/3e9916-4f8a-4b08-89c9-b0c74b76e182/1/2aDHEjOb6GEyE3bNG85KqxbQ8jY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/3e9916-4f8a-4b08-89c9-b0c74b76e182/1/NHQhDChBPiYoSCKr6DrW18D3ZPo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.68.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:14:32:1f:36:75:96:56:df:1b:0a:8f:65:63:1f:38:34:46:
         6e:20:68:52:bd:5b:24:8f:7b:9a:ec:c9:56:7d:7a:84:85:df:
         87:8d:75:d6:00:3f:ad:49:e2:08:5f:68:88:cf:52:f2:35:31:
         27:00:7b:fb:99:51:f0:79:23:d0:41:24:cd:25:ec:ac:40:35:
         17:ea:e1:e7:04:55:1b:b7:2b:20:cf:11:69:b7:63:e9:de:47:
         8e:45:6e:fe:a1:cc:48:d2:c6:20:47:b4:95:35:84:4a:ea:fd:
         a7:83:2c:ff:2a:cf:0d:83:55:c4:a5:8d:66:82:ad:ba:51:85:
         8c:f8:c7:22:0b:72:fd:d4:cf:3d:b3:91:2b:3a:19:e8:9f:c7:
         ae:7d:01:60:03:eb:2d:92:3d:fc:90:6a:cb:ef:5c:10:47:00:
         6e:35:80:2d:ae:7c:80:2c:55:82:b4:22:77:0c:ce:f1:0b:90:
         62:0d:25:cf:92:fb:19:55:70:6d:e5:7c:31:4f:0c:55:c6:a5:
         91:74:5e:68:80:9f:3e:e1:9a:75:71:04:3d:bf:dd:47:05:e8:
         8c:3a:33:1e:bf:5e:e4:1f:46:9a:39:ac:cd:43:13:c5:81:01:
         aa:cf:86:fc:6b:f4:5b:e5:2a:4f:1f:93:17:2c:0a:47:47:79:
         b1:a6:27:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAOYjRPJN8PrbNdJAcd6vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0NzQyMTBjMjg0MTNlMjYyODQ4MjJhYmU4M2FkNmQ3YzBm
NzY0ZmEwHhcNMjQwMTAxMTIzMDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWEwYzcxMjMzOWJlODYxMzIxMzc2Y2QxYmNlNGFhYjE2ZDBmMjM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhggVAct35IjXh9rEeQDJZCBoQiAY
BMGVnP7/kavn1CLbYBEyFSxxR7poZcb0CrbjVsDJISW+NSU+TcQcwyuhr0DBanVa
BFa3k5IUjIidy/XyPkbgk0uuBqeJX7OTU03Zjj+jwRT+sITz2gIG+lVaADJCrvsU
bdyWn0CGxynR7ST6xXWZckSkbdDQqtu3d/ZT5YQ+GkjLFHyeAe6LD9I3Zt9FK8JE
rpbrcHblFCh3nzr3ya+1o7H7D3DLp0slzCrUcb3/D6H36vMinxA7Z0/yKyClY3j1
1fV508wzrDq2sc6ZcBHaj1dJDW4XN98EFxgYcFH0cGWYNiarJb1ybE/sFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNmgxxIzm+hhMhN2zRvOSqsW0PI2MB8GA1UdIwQY
MBaAFDR0IQwoQT4mKEgiq+g61tfA92T6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkhRaERDaEJQaVlvU0NLcjZEclcxOEQzWlBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My8zZTk5MTYtNGY4YS00YjA4LTg5Yzkt
YjBjNzRiNzZlMTgyLzEvMmFESEVqT2I2R0V5RTNiTkc4NUtxeGJROGpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My8zZTk5MTYtNGY4YS00YjA4LTg5YzktYjBjNzRiNzZlMTgy
LzEvTkhRaERDaEJQaVlvU0NLcjZEclcxOEQzWlBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUQvMA0G
CSqGSIb3DQEBCwUAA4IBAQC0FDIfNnWWVt8bCo9lYx84NEZuIGhSvVskj3ua7MlW
fXqEhd+HjXXWAD+tSeIIX2iIz1LyNTEnAHv7mVHweSPQQSTNJeysQDUX6uHnBFUb
tysgzxFpt2Pp3keORW7+ocxI0sYgR7SVNYRK6v2ngyz/Ks8Ng1XEpY1mgq26UYWM
+MciC3L91M89s5ErOhnon8eufQFgA+stkj38kGrL71wQRwBuNYAtrnyALFWCtCJ3
DM7xC5BiDSXPkvsZVXBt5XwxTwxVxqWRdF5ogJ8+4Zp1cQQ9v91HBeiMOjMev17k
H0aaOazNQxPFgQGqz4b8a/Rb5SpPH5MXLApHR3mxpicc
-----END CERTIFICATE-----